Build a custom deployment with FileOpen Developer Toolkit (SDK)

The FileOpen Developer Toolkit allows businesses with internal IT development resources to develop their own tightly integrated authentication layer and permissioning server in their chosen language and server platform. The Toolkit provides developers the strongest industry-standard encryption available, which can run in batch mode or dynamically on the server. For end users, the Toolkit supports the same set of lightweight viewers and plug-ins as FileOpen's turnkey products.

Architectural Overview

The FileOpen Toolkit consists of a pair of applications, one to encrypt documents (the Encryptor) and another to decrypt and display those documents (the Client). These applications employ a common metadata scheme (the document data) and the client exposes a simple communications protocol. The two applications form the core of a publishing system. A complete system requires the addition of server-side software to define the publisher’s business logic (e.g. to identify a document, then to determine whether a given user should be allowed to open that document) and to communicate this business logic to the client via the PermissionServer.

Document Encryption

Documents are encrypted with an RC4 128-bit or AES 256-bit key in accordance with the specifications for that file format, details of which are available from Adobe Systems or Microsoft. During the encryption step, each document is assigned an encryption key and a set of metadata. All metadata other than the Encryption Key is stored in the document. The Encryption Key is used to encrypt the document and is then discarded. By design, all metadata elements are defined by the publisher, subject to the above limitations.

Specifications:

PermissionServer - Example Code

As mentioned above, the FileOpen Toolkit consists of a pair of applications: encryption tools and secure document viewers/clients. A third element (the PermissionServer) is required to manage interaction with the client via the communication protocol; however, this functionality is considered to be outside of the system and is provided only in example form. The example code provided is written in Perl and ASP. There is no requirement that a PermissionServer be written in any particular language. Provided that it conforms to the syntax of the Communications Protocol, the PermissionServer may be written in any language and run on any platform. Pre-built server components and complete “turnkey” PermissionServer systems are available; please contact us for more information.

FileOpen Systems provides a versatile set of plug-ins/clients to access documents encrypted with the FileOpen software. These include a plug-in for Adobe Acrobat and Reader, a client for Microsoft Office documents, an iPad/iPhone app and an Android app. We also offer a zero-client install solution, FileOpen Viewer™, which displays protected documents in an HTML5 or Flash enabled browser.

Across all these forms of delivery, the FileOpen Viewer Client initiates a connection to a PermissionServer via HTTP or HTTPS (specified by the publisher) and passes a structured request for permission to open the document. This request, expressed in the form of the Communications Protocol, must then be parsed and evaluated by the PermissionServer, which should return either a positive answer (the Decryption Key for the document and a set of permissions) or a negative one (refusal to open the document and a reason).

What our customers are saying:

"Protecting our IP is key to our business model. The FileOpen Viewer makes the process of disseminating proprietary research painless and gives us assurance that our research reports are secure and accessible to only the intended client."